As part of my series about the “How Business Leaders Plan To Rebuild In The Post COVID Economy,” I had the pleasure of interviewing Gunjan Sinha.
Gunjan Sinha is a visionary, entrepreneur, and business leader. He currently serves as the executive chairman of MetricStream. He is probably still best known as the founder of WhoWhere?- an internet search engine which he sold to Lycos in 1998. He is also the co-founder and board member of the customer engagement software company, eGain (NASDAQ: EGAN). Throughout his career, he has been an active investor and board member in numerous successful Silicon Valley start-ups and venture funds.
Gunjan is a strong believer in social entrepreneurship, having helped create Child Family Health International, a United Nations recognized public non-profit, to transform global health education. From 2010 to 2017, Gunjan became the founding board member of the US India Endowment Board — started by the US State Department along with the Office of Science and Technology at the White House — an endowment fund that supports innovation and commercialization of science and technology for social good in the US and India.
Gunjan is passionate about social innovation, diversity, inclusiveness, and global risk management. He envisions a world that brings the power of socially conscious innovations to better disrupt its risks, and create opportunities for all.
Thank you so much for your time! I know that you are a very busy person. Our readers would love to “get to know you” a bit better. Can you tell us a bit about your ‘backstory’ and how you got started?
Certainly. In 1994, one of the first business ventures I helped create was Parsec Technology Pvt. Ltd., an information technology business. In 1995, I launched one of the first internet search engines, WhoWhere?, and acted as the president of the company until we sold it to Lycos in 1998.
Thereafter in 1998, I also cofounded eGain, a market leader in customer engagement software, which is now a public company on NASDAQ (Ticker: EGAN).
From there, I went on to serve as an active investor and board member for numerous Silicon Valley start-ups and non-profits, and also founded MetricStream, a global leader in GRC software solutions where I currently serve as their Executive Chairman.
Can you share a story about the funniest mistake you made when you were first starting? Can you tell us what lessons or ‘take aways’ you learned from that?
When I first started out in the mid-1990’s, I recall I made a lot of mistakes. By the way, I still make lots of mistakes. What I have tried to do is not let these mistakes come in my way of moving forward with conviction. My personal rule is to allow myself to make a mistake only once and not repeat it if I can. In my world, if you don’t down an F-16, you don’t become a fighter pilot. I recall rejecting strong M&A opportunities early on in my career which cost me many financial downsides. Those situations taught me how to deal with losses and still move forward to create value and not repent or look back. A lesson that entrepreneurs should take to heart.
Is there a particular book that you read, or podcast you listened to, that really helped you in your career? Can you explain?
The one book that I read early on in my career was “Future Perfect” by Stan Davis: https://www.amazon.com/Future-Perfect-Anniversary-Stan-Davis/dp/0201327953
This book helped me think about the present as the past of the future. This concept allows me to not anticipate and predict and to think about the “beforemath” as much as “aftermath” of potential future events. It’s a tool that visionaries must embrace. As a visionary entrepreneur, your job is to predict the future and you better be right! Of course, once you have your vision, then you must execute passionately with extreme ownership to turn your vision into your personal definition of success — not just what is measured by society. These skills give you the power to be an entrepreneur over long periods of time.
Extensive research suggests that “purpose driven business” are more successful in many areas. When you started your company what was your vision, your purpose?
Reflecting on our past, I got the inspiration of MetricStream through the events of September 11, 2001 and by 2004, I was able to get MetricStream going with a vision to solve the problem of “Risk.”
As we started working on the technologies and platforms for what we then called “quality and compliance” or “comprehensive risk,” it took a lot of evangelism to explain the concept back then. Coincidentally, we helped coin the “GRC” acronym in 2008 by working with the analysts and launched into that space with our initial GRC customers. 2008 was also the year Lehman collapsed, Bear Stearns fell, and the mortgage crisis created one of the biggest financial depressions in modern history. That was when the first wave of GRC took effect. The world recognized the need for GRC, the marketplace for GRC was drafted, and a slew of financial regulations like Dodd Frank, FINRA, and SEC took on a greater meaning for financial institutions and banks to take GRC seriously.
That was the first time companies recognized the value of integrated approaches to risk, compliance and governance. A critical takeaway from this was that companies started to focus on their financial resilience through Basel II, capital adequacy, scenario planning, loss management and other GRC concepts that were born out of the necessities arising from the financial crisis.
Do you have a “number one principle” that guides you through the ups and downs of running a business?
As an entrepreneur, I am strongly guided by the power of serendipity or, in other words, finding something beautiful without looking for it. So, even in the darkest moments of the business, I can look for the good and it helps me tide over.
If something is going too well, I question — am I missing something here? If something is not going well, I ask the reverse — what is the good here that I am missing? This constant dialog with myself to look at the flip side of the coin has now become a habit that gives me tremendous staying power through the ups and downs of life and business.
Thank you for all that. The Covid-19 pandemic has affected nearly every aspect of our lives today. For the benefit of empowering our readers, can you share with our readers a few of the personal and family related challenges you faced during this crisis? Can you share what you’ve done to address those challenges?
Being locked down with a shelter-in-place order has been challenging for all of us. My family and I have tried to really make the most of our backyard. My entrepreneurial side taught me that perhaps we can create an outdoor garden office, create a vegetable garden, or bring in some more flowers and color in our life to brighten up our space. My backyard has become my passion in the last three months and my family is enjoying every aspect of it, including cooking and grilling in the California summer.
Can you share a few of the biggest work related challenges you are facing during this pandemic? Can you share what you’ve done to address those challenges?
Our largest challenge was that we had to continue to serve our customers with a workforce that was working remotely. This meant that we had to quickly ensure cyber security of our systems and execute on our business continuity plans to factor in an extended period of time in that work environment. Thankfully, we were able to successfully pivot to the new conditions and reassure our customers of uninterrupted support. For example, when the pandemic hit, we worked quickly to create a COVID-19 Management Solution that companies could deploy in a matter of a few days to gain a clearer view of risks across the organization and third-party networks. Our COVID-19 Resource Center is authored by subject matter experts and acts as an active forum for insights on best practices on staying resilient during the pandemic.
We also moved quickly to convert our annual GRC Summit, originally scheduled to be held in Washington, D.C. in mid-May, into a virtual event, thereby continuing the process of serving as a GRC knowledge hub for our customers and the GRC industry at large. The summit had close to 2,500 online attendees who were able to watch the livestream on our website and LinkedIn and consume the amazing content curated with over 50 breakout session videos on customer stories, panel discussions and more. The summit theme centred around COVID-19, preparedness and response, and resonated with both the stellar line-up of speakers and our audience.
Our HR team also put together a bunch of online activities for employees which ranged from meditation to expert talks on resilience, learning and staying positive.
What we discovered was that this situation brought our global teams closer together virtually as there were even more online meetings, team calls and watercooler chats to keep employees engaged across our various offices. We have found that our employees continued to be productive, engaged, and committed to MetricStream’s goals.
Many people have become anxious from the dramatic jolts of the news cycle. The fears related to the corona virus pandemic have understandably heightened a sense of uncertainty, fear, and loneliness. What are a few ideas that you have used to offer support to your family and loved ones who were feeling anxious? Can you explain?
I am a strong optimist. Back in March, after a few days of reflection, I moved on to seek the silver lining in this world of COVID-19. My friends and loved ones see my constant search for the silver lining — seeking opportunities, ideas, innovations and even debates on how the society progresses despite all the despair and hardships. Ultimately, humanity is going to prevail — not the virus. That is my firm deeper belief and my loved ones and friends know that as they engage with me.
Obviously we can’t know for certain what the Post-Covid economy will look like. But we can of course try our best to be prepared. We can reasonably assume that the Post-Covid economy will be a trying time for many people across the globe. Yet at the same time the Post-Covid growth can be a time of opportunity. Can you share a few of the opportunities that you anticipate in the Post-Covid economy?
Organizations will emerge from the crisis in different ways. Some will be unsure about the future. Others will have strengthened their resilience — the ability to withstand shocks. But still, others will have found a way to become more prepared to handle the unknown unknowns.
GRC and integrated risk management will play an increasingly critical role in business organizations. Risk findings and metrics will be aligned much more closely to resilience and strategic objectives so that when the next global crisis comes — because it will — organizations will be better prepared to respond and pivot quickly.
Whether it is having a majority of the workforce work from home, increased digitalization, or a greater emphasis on sustainable performance, business models are more than likely to change to adapt to the new normal.
We’ll see a fresh wave of innovation. AI, ML, RPA and analytics will be in great demand as businesses scramble to anticipate and mitigate emerging risks, keep pace with the volume and velocity of data, and keep the cyber health of the extended enterprise secure.
I think this pandemic has forced us to think about our culture, resilience, good governance, and integrity. We’ve seen this playout in the pandemic when communities and businesses have supported frontline workers, and those at high risk, with safety equipment, loan waivers and more. I see this as a huge opportunity to emerge wiser, if not stronger, and move towards a more diverse, inclusive, and equitable society.
How do you think the COVID pandemic might permanently change the way we behave, act or live?
COVID-19 is a challenge that will continue to affect our lives and dominate discussions in the boardroom for a long time. The pandemic has certainly changed the way we view the interconnectedness of risk, and implicitly, GRC. Integrated risk management programs will broaden to incorporate a “peripheral” vision of data. For example, information on transactions, customers, geopolitics, third parties, and other themes that weren’t traditionally a part of risk analyses. Organizations will also gear up for fast-changing, high-velocity risks. Leadership teams will expect real-time, forward-looking risk insights rather than retrospective data. To meet this demand, more second line processes will be automated.
The importance of companies needing a GRC team and systems in place has never been more profound than in this climate where the risks of a compliance or regulatory failure, cyber-attack, supply chain collapse, etc. is only heightened. However, it is also critical that companies consider how effective their current GRC processes are and whether they need to adapt and upgrade to better handle the ongoing impact of the disease. As this shift occurs, GRC responsibilities across the lines of defense will change. The front line will take on a bigger role in identifying, assessing, and predicting risks. AI chatbots and other innovations will support them in this endeavour.
With increased dependence on AI and technology, there will be an increased focus on ethics and integrity as we go forward. We will need to de-bias technology and use filters of ethics and social responsibility to ensure that we respect data privacy and fundamental rights. Operating with integrity might be perceived as an approach that incurs short-term costs and initial complexities, but increasingly businesses are realizing that such a strategy has far greater long-term business benefits.
In the past few weeks, companies around the world have put their business continuity plans to the test and witnessed the effectiveness of being able to respond to such an unforeseen crisis. Many of these plans were likely to have been drafted well before the pandemic struck, and some companies were even caught out by not having an effective plan in place at all. Now though, every business will be prioritizing business continuity plans to ensure they can maintain resilience and protect essential operations for any future crises. Given the uncertainty of the coronavirus and how long it will take to find a vaccine, it is clear that plans will need to be flexible to any lockdown updates that governments around the world may enforce in the weeks and months to come.
After 9/11 we accepted heightened state scrutiny like security checks in airports. Now, we will have to be prepared for even further scrutiny whether it’s health checks, contact tracing or data monitoring. These will impact our privacy and raise issues of ethical use of data, our fundamental rights, and where the line should be drawn.
We’ve faced crises before with the financial crisis of 2008 and the cyber-attack wave in 2015, but this pandemic — a biological risk — has caught us off guard because it has exposed huge operational risks with the workforce and the supply chains being impacted. I believe that there is still a fourth wave to come — the climate crisis — and this will bring with it a plethora of risks that will deeply impact our lives and livelihood. Businesses now need to start taking more heed to Environmental, Social and Governance (ESG) impact as they continue to conduct their business operations and investment plans. Culture, values, ethics and integrity will determine whether a business will attract great employees and customers.
This pandemic has taught us that there are many unknown unknowns out there. However, it’s up to us to collect and connect the dots to help us better prepare for what is yet to come.
Considering the potential challenges and opportunities in the Post-Covid economy, what do you personally plan to do to rebuild and grow your business or organization in the Post-Covid Economy?
As we look back and also ahead, the financial crisis of 2008 gave way to 11 years of solid growth. Companies not only survived but thrived. Today, in this current COVID-19 crisis world, GRC is even more important as workplaces go virtual, the threat of cyber risks steadily increases, and globalization forces companies to deal with regulations across continents. Frankly, businesses need GRC in this new reality.
The silver lining of these trying times is the new insights that will emerge to help transform organizations for stronger performance and we will align our products to deliver on these. We will build momentum on layering AI, ML, and other new technologies into our products to help organizations predict and prevent as they navigate the new normal. In doing so, we will always remain conscious of the ethical and societal risks that could emerge with these new technologies. We will layer our products with software that is easy to understand and use by the front line, making them an equitable partner in the business.
Our spotlight will be on helping our customers build resilience. As we move forward, I believe our GRC products and solutions will play a critical role in helping organizations understand and stay ahead of risks, delivering sustainable outcomes while performing with integrity.
Similarly, what would you encourage others to do?
My advice is that we need to plan, act, and adapt.
Ensure the health, security, and productivity of your workforce and the extended enterprise with comprehensive crisis and business continuity plans to counter any further storms.
To run a sustainable and performing business, a company’s leadership and board need to gain a clear and timely view of risks across the entire enterprise. Organizations should ensure that the right controls are in place so that businesses can remain resilient. Even when offices shut down, suppliers are functioning on reduced capacity and employees are in remote locations. Accurate business impact assessments, mass notifications, ongoing communications and solid business continuity management are what is needed.
Invest in AI and automation and use advanced analytics to filter through mountains of data. Use technology to uncover risk insights for decision-making to accelerate digital transformation and drive business performance.
Every company will need a regimented and compliant framework that allows them to nimbly and globally orchestrate the systems of GRC, whether they be unwritten social contracts — think goodwill and reputation — or written contracts with suppliers, regulators, customers and partners.
Businesses that put integrity at their core will have stronger reputations, greater customer loyalty, and better performance.
Simply put, make GRC your new reality.
Can you please give us your favorite “Life Lesson Quote”? Can you share how that was relevant to you in your life?
“It is our choices that show us what we truly are far more than our abilities” — J. K. Rowling
I believe in the immense entrepreneurial power of serendipity — finding something beautiful without looking for it.
How can our readers further follow your work?
With a legacy of being in the business of GRC for over two decades, MetricStream has a wide variety of thought leadership content available on our website www.metricstream.com. Our GRC Summit https://www.grc-summit.com/us/2020/ features keynotes, panel discussions and customer stories on the GRC industry best practices and trends.
You can also read our blogs on blogs.metricstream.com and follow us on our social media handles: LinkedIn: https://www.linkedin.com/company/metricstream twitter: https://twitter.com/metricstream and Facebook: https://www.facebook.com/MetricStream
